wechat-article-extractor
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on
npx wechat-article-extractorto perform its primary function. This command downloads and executes a package from the npm registry at runtime. While this is the standard distribution method for the author's tool, it involves executing remote code. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it parses content from external, untrusted WeChat articles (mp.weixin.qq.com). Malicious actors could embed instructions in these articles to influence the agent's behavior.
- Ingestion points: External web content retrieved from
mp.weixin.qq.comandweixin.sogou.comvia theextractfunction and CLI tool. - Boundary markers: The skill documentation does not suggest using delimiters or specific system instructions to isolate the extracted article content from the agent's control logic.
- Capability inventory: The skill performs network operations to fetch data and outputs processed text/JSON to the agent, which may then be used for further decision-making.
- Sanitization: There is no evidence of prompt-specific sanitization; the mentioned
lodash.unescapeis used for processing HTML entities rather than security filtering.
Audit Metadata